Change blacklisting to also check for the actual access token from the database, because when we regenerate a session, the session is not removed fully, but only the token is changed (make sure to send try refresh token in the case that session exists, but tokens don't match as opposed to unauthorised). We do not need to change the refresh token because that has token theft detection anyway.
We must update `lmrt` only when the session is being regenerated for the purpose of auth? Otherwise, if we simply update the `lmrt` each time the JWT payload changes (like in the case of fauna), that may pose inaccurate results.
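The check proposed in this issue, sketched as an added example (not code from the project): an in-memory `Map` stands in for the database, and every function name, the status strings and the `forAuth` flag are hypothetical. `lmrt` is treated here as a timestamp on the session row, updated only for auth-driven regeneration, which is one reading of the question above.

```javascript
// Constructed stand-in for the session table: sessionHandle -> { accessToken, lmrt }
const sessions = new Map();
let tokenCounter = 0;

// Opaque placeholder for a signed JWT; unique per issuance even with an equal payload.
function issueToken(handle, payload) {
  tokenCounter += 1;
  return `${handle}.${JSON.stringify(payload)}.${tokenCounter}`;
}

function createSession(handle, payload, now) {
  const accessToken = issueToken(handle, payload);
  sessions.set(handle, { accessToken, lmrt: now });
  return accessToken;
}

// Regeneration keeps the session row and swaps only the access token.
// lmrt moves only when the regeneration is for auth (assumption), not for
// an ordinary JWT payload change.
function regenerateSession(handle, payload, now, { forAuth }) {
  const row = sessions.get(handle);
  if (!row) return null;
  row.accessToken = issueToken(handle, payload);
  if (forAuth) row.lmrt = now;
  return row.accessToken;
}

function revokeSession(handle) {
  sessions.delete(handle);
}

// Blacklist check: a missing row means the session was revoked; a row whose
// stored token differs means the presented token was superseded by regeneration.
function checkBlacklist(handle, presentedToken) {
  const row = sessions.get(handle);
  if (!row) return "UNAUTHORISED";
  if (row.accessToken !== presentedToken) return "TRY_REFRESH_TOKEN";
  return "OK";
}

function demo() {
  const oldToken = createSession("demo", { role: "user" }, 100);
  const newToken = regenerateSession("demo", { role: "admin" }, 200, { forAuth: false });
  const results = [checkBlacklist("demo", oldToken), checkBlacklist("demo", newToken)];
  revokeSession("demo");
  results.push(checkBlacklist("demo", newToken));
  return results;
}

console.log(demo());
```
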